GEN Restaurant Group, Inc. 10-K Cybersecurity GRC - 2025-03-07

Page last updated on March 10, 2025

GEN Restaurant Group, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-07 18:43:40 EST.

Filings

10-K filed on 2025-03-07

GEN Restaurant Group, Inc. filed a 10-K at 2025-03-07 18:43:40 EST
Accession Number: 0000950170-25-035772

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybers ecurity. The Company is committed to protecting the confidentiality, integrity, and availability of its information systems and the data they contain from cybersecurity threats. The Company recognizes that cybersecurity is a dynamic and evolving area of risk that requires ongoing assessment, management, and oversight. The Company works with third party companies to assess, identify, manage, and mitigate material cybersecurity threats, as well as to respond to and recover from cybersecurity incidents. The Company recognizes the importance of maintaining our technology and data systems. Our cybersecurity policies, standards, processes, and practices are integrated across our operational departments. Cybersecurity Risk Management and Strategy As one of the elements of our overall risk management program, we focus on the following key areas: - Technical Safeguards: We deploy technical safeguards, including by not limited to firewalls, anti-malware functionality and access controls. - Outside Consultants: We utilize outside consultants, including contractors and other third parties , to among other things , conduct regular testing of our networks and systems to identify vulnerabilities through penetration testing, while also measuring and advising on potential improvements to our incident prevention, response, and documentation procedures. We have not encountered cybersecurity threats or experienced previously cybersecurity incidents that have materially affected or that we believe are reasonably likely to materially affect us , including our business strategy, results of operations or financial condition. Governance Board of Directors Oversight Our Board is aware of the critical nature of managing risks associated with cybersecurity threats. Management works with our Board to establish oversight mechanisms to ensure effective governance in managing risks associated with cybersecurity threats because we recognize the significance of these threats to our operational integrity and stakeholder confidence. The Board has delegated to our Audit Committee the primary responsibility for oversight of cybersecurity risks. Management’s Role Managing Risk Our CEO, Chief Financial Officer (“CFO”), and Information Technology Manager (“IT Manager”) play a primary role in informing the Audit Committee on cybersecurity risks. Our IT Manager has seven years of experience with the Company, which includes management of cybersecurity. These individuals monitor activity and potential risks related to the day-to-day operations of the business, including reviewing results of the work of our outside consultants. They will provide briefings to the Audit Committee on a periodic basis regarding cybersecurity matters, including but not limited to the following : - Current cybersecurity landscape and emerging threats; - Status of ongoing cybersecurity initiatives and strategies; - Incident reporting, if any, and learning from any cybersecurity events; - Risk mitigation efforts and insurance, and - Compliance with regulatory requirements and industry standard. 39

Company Information